Anybody that plans a business on a mobile platform based on app sales should take note of this, even if it isn't there yet I really think that it is the future. We've already seen this movie before, and if google docs is possible on a desktop/laptop + serverfarm you really have to wonder how long it is going to take before history repeats itself and 'apps' will go the way of a large number of desktop applications that are now 'web-apps'.
Looking at the way the proxy was created on the Nginx server, it seems he's created an open http proxy that's asking to be abused. Anyone could make a curl request to that /apps/bbc-news/proxy uri and pass whatever URL they wanted to hit via the x_bbc_url http header. Doing this, any request they make would appear to come from the whitherapps.com (or whatever) domain. I can see the 4chan guys having a field day with this posting spam to boards their own IPs have been banned from. Seems like the server should only allow http proxying to a white list of domains, or better yet, a white list of urls.
You've gotten pretty far with this, and for that it's worth commending. Nice job. I look forward to seeing a polished version of this. You should offer it up to the BBC. :)
Html5 on the ipad is still wishful thinking by people who don't want to bother being an ios developer. This demo is clearly worse than the BBC app and i have yet to see an ios web app that doesn't feel hacky and make me wish for a native version.<p>In a couple generations when mobile CPUs are faster and ipads have more than 256mb of ram, we will see a repeat of the web app takeover that occurred on the desktop.
I love this type of stuff. The project I'm working on right now is all about having a better experience than the iPad magazine apps, while using HTML/JS instead of proprietary tech.<p>Here's a video demo of some of the layout, for the curious: <a href="http://www.youtube.com/watch?v=Pt2iJZGqMpw" rel="nofollow">http://www.youtube.com/watch?v=Pt2iJZGqMpw</a>
I was surprised when I was checking caniuse.com today that cross origin requests were supported pretty much across the board.<p>Is there a reason you couldnt use them?
<a href="http://caniuse.com/#feat=cors" rel="nofollow">http://caniuse.com/#feat=cors</a>
Html/js is good for some UI parts of an app but eventually makes one yearn for native threading/locking, queueing, posting notifications, for that last 10-20% of code.